Why do we need a ‘Database Vault’? by Craig Moir of MyDBA, January 2012. Copyright © 2012 MyDBA CC

Oracle Database Vault

What Security problems do we face today?

The most pressing security problems facing organizations today are:

• Protecting sensitive data against insider threats;

• Meeting regulatory compliance requirements; and

• Enforcing Separation of Duties.

Insider Threats

Although external exploits by criminals breaking into systems get big headlines, industry specialists estimate that 80% to 90% of the damage to information systems is done by insiders, which typically gets hushed up.

Meeting regulatory compliance requirements

• Protection of Personal Information Bill (POPI)

• Payment Card Industry Data Security Standard

• King III - King Report on Governance for South Africa 2009

• Sarbanes–Oxley Act of 2002 (for NYSE listed companies)

Other Laws:

• Health Insurance Portability and Accountability Act (HIPAA)

• UK Data Protection Act

• Family Educational Rights and Privacy Act (FERPA)

• California Breach Law

• Federal Information Security Management Act (FISMA)

Separation of Duties (SoD)

Definitions:

• The main objective is to prevent a single person from defrauding the organization.

• A security principle that says no one person should be able to effect a breach of security.

• This principle prevents any part of the computer system from being under the control of a single person.

What Auditors require

• Separation of Duties

• Reporting

• Notification

• Proven audit data integrity

Fundamental Data Security Requirements

• Confidentiality: Individuals see only what they are supposed to see

• Integrity: The data is valid and trustworthy

• Availability: Authorized users' data is available when required

Components for Enforcing Security

• Authentication

• Authorization

• Access control

• Auditing

• Encryption

• Abuse of privilege

• Data or service theft

Principle of Least Privilege

Definitions:

• The principle of least privilege requires that a user be given no more privilege than necessary to perform a job.

• A process, user or a program must be able to access only such information and resources that are necessary for its legitimate purpose.

What is Oracle Database Vault?

Oracle Database Vault is a database security option that allows you to address the most pressing security problems facing organizations today, namely:

• protecting sensitive data against insider threats;

• meeting regulatory compliance requirements; and

• enforcing Separation of Duties.

MyDBA Security Credentials

• Oracle Database 11g Security Options Certified Implementation Specialists.

• Database Vault implementation experience.

• MyDBA lectures on Oracle Identity Manager at Oracle University SA.

• MyDBA lectures on Oracle Access Manager at Oracle University SA.

• MyDBA lectures on Oracle Database 10g R2 Security at Oracle University SA.

MyDBA Consulting Services

For more information on MyDBA’s security consulting services please contact us on:

[email protected]

0861 911 DBA

+27 11 027 9400

http://www.mydba.co.za

Disclaimer: This document is provided for information purposes only. While MyDBA has taken care to ensure that the content on this document is accurate, the information is provided "as is" and is not warranted to be error-free. Your use of and reliance on the information is entirely at your own risk.

This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the prior written permission of MyDBA.
